📄 common.inc.php
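<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Misc stuff and REQUIRED by ALL the scripts.
 * MUST be included by every script
 *
 * Among other things, it contains the advanced authentication work.
 *
 * Order of sections for common.inc.php:
 *
 * the authentication libraries must be before the connection to db
 *
 * ... so the required order is:
 *
 * LABEL_variables_init
 *  - initialize some variables always needed
 * LABEL_parsing_config_file
 *  - parsing of the configuration file
 * LABEL_loading_language_file
 *  - loading language file
 * LABEL_setup_servers
 *  - check and setup configured servers
 * LABEL_theme_setup
 *  - setting up themes
 *
 * - load of MySQL extension (if necessary)
 * - loading of an authentication library
 * - db connection
 * - authentication work
 *
 * @version $Id: common.inc.php 12165 2009-01-01 23:37:14Z lem9 $
 */

/**
 * Minimum PHP version; can't call PMA_fatalError() which uses a
 * PHP 5 function, so cannot easily localize this message.
 */
if (version_compare(PHP_VERSION, '5.2.0', 'lt')) {
    die('PHP 5.2+ is required');
}

/**
 * the error handler
 */
require_once './libraries/Error_Handler.class.php';

/**
 * initialize the error handler
 */
$GLOBALS['error_handler'] = new PMA_Error_Handler();
// NOTE(review): $cfg is not in $variables_whitelist below, so this assignment
// is removed again by the global-space cleanup further down in this file.
$cfg['Error_Handler']['display'] = TRUE;

// at this point PMA_PHP_INT_VERSION is not yet defined
if (version_compare(phpversion(), '6', 'lt')) {
    /**
     * Avoid object cloning errors
     */
    @ini_set('zend.ze1_compatibility_mode', false);

    /**
     * Avoid problems with magic_quotes_runtime
     */
    @ini_set('magic_quotes_runtime', false);
}

/**
 * for verification in all procedural scripts under libraries
 */
define('PHPMYADMIN', true);

/**
 * core functions
 */
require_once './libraries/core.lib.php';

/**
 * Input sanitizing
 */
require_once './libraries/sanitizing.lib.php';

/**
 * the PMA_Theme class
 */
require_once './libraries/Theme.class.php';

/**
 * the PMA_Theme_Manager class
 */
require_once './libraries/Theme_Manager.class.php';

/**
 * the PMA_Config class
 */
require_once './libraries/Config.class.php';

/**
 * the PMA_Table class
 */
require_once './libraries/Table.class.php';

if (!defined('PMA_MINIMUM_COMMON')) {
    /**
     * common functions
     */
    require_once './libraries/common.lib.php';

    /**
     * Java script escaping.
     */
    require_once './libraries/js_escape.lib.php';

    /**
     * Include URL/hidden inputs generating.
     */
    require_once './libraries/url_generating.lib.php';
}

/******************************************************************************/
/* start procedural code                       label_start_procedural         */

/**
 * protect against possible exploits - there is no need to have so much variables
 */
if (count($_REQUEST) > 1000) {
    die('possible exploit');
}

/**
 * Check for numeric keys
 * (if register_globals is on, numeric key can be found in $GLOBALS)
 */
foreach ($GLOBALS as $key => $dummy) {
    if (is_numeric($key)) {
        die('numeric key detected');
    }
}
unset($dummy);

/**
 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
 * and provide a clean PHP_SELF here
 */
$PMA_PHP_SELF = PMA_getenv('PHP_SELF');
$_PATH_INFO   = PMA_getenv('PATH_INFO');
if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
    $path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
    // strrpos() returns false when PATH_INFO does not occur in PHP_SELF.
    // Without the explicit check, false is added as 0 and two unrelated
    // strings of equal length would pass the test and empty PHP_SELF.
    if ($path_info_pos !== false
        && $path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)
    ) {
        $PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
    }
}
// NOTE(review): called with the default flags; on the PHP versions this file
// targets those do not escape single quotes, so confirm that PMA_PHP_SELF is
// only ever emitted inside double-quoted attributes or text nodes.
$PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);

/**
 * just to be sure there was no import (registering) before here
 * we empty the global space (but avoid unsetting $variables_list
 * and $key in the foreach(), we still need them!)
 */
$variables_whitelist = array (
    'GLOBALS',
    '_SERVER',
    '_GET',
    '_POST',
    '_REQUEST',
    '_FILES',
    '_ENV',
    '_COOKIE',
    '_SESSION',
    'error_handler',
    'PMA_PHP_SELF',
    'variables_whitelist',
    'key'
);

foreach (get_defined_vars() as $key => $value) {
    // Strict comparison: with loose matching an integer key compares equal
    // to every non-numeric string in the list and would be kept.
    if (! in_array($key, $variables_whitelist, true)) {
        unset($$key);
    }
}
unset($key, $value, $variables_whitelist);

/**
 * Subforms - some functions need to be called by form, cause of the limited URL
 * length, but if this functions inside another form you cannot just open a new
 * form - so phpMyAdmin uses 'arrays' inside this form
 *
 * <code>
 * <form ...>
 * ... main form elements ...
 * <input type="hidden" name="subform[action1][id]" value="1" />
 * ... other subform data ...
 * <input type="submit" name="usesubform[action1]" value="do action1" />
 * ... other subforms ...
 * <input type="hidden" name="subform[actionX][id]" value="X" />
 * ... other subform data ...
 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
 * ... main form elements ...
 * <input type="submit" name="main_action" value="submit form" />
 * </form>
 * </code>
 *
 * so we now check if a subform is submitted
 */
$__redirect = null;
if (isset($_POST['usesubform'])) {
    // if a subform is present and should be used
    // the rest of the form is deprecated

    // Both fields come straight from the request, so their shape is checked
    // before indexing: a scalar 'usesubform' or a missing / non-array subform
    // entry yields an empty request instead of $_POST becoming null or a
    // string.
    $subform = array();
    if (is_array($_POST['usesubform'])
        && isset($_POST['subform'])
        && is_array($_POST['subform'])
    ) {
        $subform_id = key($_POST['usesubform']);
        if ($subform_id !== null
            && isset($_POST['subform'][$subform_id])
            && is_array($_POST['subform'][$subform_id])
        ) {
            $subform = $_POST['subform'][$subform_id];
        }
    }
    $_POST    = $subform;
    $_REQUEST = $subform;

    /**
     * some subforms need another page than the main form, so we will just
     * include this page at the end of this script - we use $__redirect to
     * track this
     */
    if (isset($_POST['redirect'])
        && $_POST['redirect'] != basename($PMA_PHP_SELF)
    ) {
        // Still untrusted here; it is checked against $goto_whitelist below
        // before anything can use it.
        $__redirect = $_POST['redirect'];
        unset($_POST['redirect']);
    }
    unset($subform_id, $subform);
} else {
    // Note: here we overwrite $_REQUEST so that it does not contain cookies,
    // because another application for the same domain could have set
    // a cookie (with a compatible path) that overrides a variable
    // we expect from GET or POST.
    // We'll refer to cookies explicitly with the $_COOKIE syntax.
    $_REQUEST = array_merge($_GET, $_POST);
}
// end check if a subform is submitted

// remove quotes added by php
// (get_magic_quotes_gpc() is deprecated in PHP 5.3, but compare with 5.2.99
// to be able to test with 5.3.0-dev)
if (function_exists('get_magic_quotes_gpc')
    && -1 == version_compare(PHP_VERSION, '5.2.99')
    && get_magic_quotes_gpc()
) {
    PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
    PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
    PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
    PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
}

/**
 * clean cookies on upgrade
 * when changing something related to PMA cookies, increment the cookie version
 */
$pma_cookie_version = 4;
if (isset($_COOKIE)
    && (isset($_COOKIE['pmaCookieVer'])
        && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)
) {
    // delete all cookies
    foreach($_COOKIE as $cookie_name => $tmp) {
        PMA_removeCookie($cookie_name);
    }
    $_COOKIE = array();
    PMA_setCookie('pmaCookieVer', $pma_cookie_version);
}

/**
 * include deprecated grab_globals only if required
 */
if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
    require './libraries/grab_globals.lib.php';
}

/**
 * check timezone setting
 * this could produce an E_STRICT - but only once,
 * if not done here it will produce E_STRICT on every date/time function
 *
 * @todo need to decide how we should handle this (without @)
 */
date_default_timezone_set(@date_default_timezone_get());

/**
 * include session handling after the globals, to prevent overwriting
 */
require_once './libraries/session.inc.php';

/**
 * init some variables LABEL_variables_init
 */

/**
 * holds parameters to be passed to next page
 * @global array $GLOBALS['url_params']
 */
$GLOBALS['url_params'] = array();

/**
 * the whitelist for $GLOBALS['goto']
 *
 * The commented-out entries are pages deliberately left off the list; they
 * are kept so the exclusion stays visible to maintainers.
 *
 * @global array $goto_whitelist
 */
$goto_whitelist = array(
    //'browse_foreigners.php',
    //'calendar.php',
    //'changelog.php',
    //'chk_rel.php',
    'db_create.php',
    'db_datadict.php',
    'db_sql.php',
    'db_export.php',
    'db_importdocsql.php',
    'db_qbe.php',
    'db_structure.php',
    'db_import.php',
    'db_operations.php',
    'db_printview.php',
    'db_search.php',
    //'Documentation.html',
    //'error.php',
    'export.php',
    'import.php',
    //'index.php',
    //'navigation.php',
    //'license.php',
    'main.php',
    'pdf_pages.php',
    'pdf_schema.php',
    //'phpinfo.php',
    'querywindow.php',
    //'readme.php',
    'server_binlog.php',
    'server_collations.php',
    'server_databases.php',
    'server_engines.php',
    'server_export.php',
    'server_import.php',
    'server_privileges.php',
    'server_processlist.php',
    'server_sql.php',
    'server_status.php',
    'server_variables.php',
    'sql.php',
    'tbl_addfield.php',
    'tbl_alter.php',
    'tbl_change.php',
    'tbl_create.php',
    'tbl_import.php',
    'tbl_indexes.php',
    'tbl_move_copy.php',
    'tbl_printview.php',
    'tbl_sql.php',
    'tbl_export.php',
    'tbl_operations.php',
    'tbl_structure.php',
    'tbl_relation.php',
    'tbl_replace.php',
    'tbl_row_action.php',
    'tbl_select.php',
    //'themes.php',
    'transformation_overview.php',
    'transformation_wrapper.php',
    'translators.html',
    'user_password.php',
);

/**
 * check $__redirect against whitelist
 *
 * $__redirect came from the POSTed subform and, per the subform section
 * above, names a page to be included later, so anything off the list is
 * dropped.
 */
if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
    $__redirect = null;
}

/**
 * holds page that should be displayed
 * @global string $GLOBALS['goto']
 */
$GLOBALS['goto'] = '';
// Security fix: disallow accessing serious server files via "?goto="
if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
    $GLOBALS['goto'] = $_REQUEST['goto'];
    $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
} else {
    // remove the rejected value from every request source so that later
    // code cannot pick it up again
    unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
}

/**
 * returning page
 * @global string $GLOBALS['back']
 */
if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
    $GLOBALS['back'] = $_REQUEST['back'];
} else {
    unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
}

/**
 * Check whether user supplied token is valid, if not remove any possibly
 * dangerous stuff from request.
 *
 * remember that some objects in the session with session_start and __wakeup()
 * could access this variables before we reach this point
 * f.e. PMA_Config: fontsize
 *
 * The token is compared with !== rather than !=: a loose comparison treats
 * two different numeric-looking strings (for example "0e12" and "0e34") as
 * equal. The session value is cast to string so that the strict comparison
 * does not depend on how it was stored; request parameters arrive as strings.
 *
 * NOTE(review): this is not a constant-time comparison. hash_equals() needs
 * PHP 5.6+, which is above the 5.2 minimum enforced at the top of this file.
 *
 * @todo variables should be handled by their respective owners (objects)
 * f.e. lang, server, convcharset, collation_connection in PMA_Config
 */
if (! PMA_isValid($_REQUEST['token'])
    || (string) $_SESSION[' PMA_token '] !== $_REQUEST['token']
) {
    /**
     * List of parameters which are allowed from unsafe source
     */
    $allow_list = array(
        /* needed for direct access, see FAQ 1.34
         * also, server needed for cookie login screen (multi-server)
         */
        'server', 'db', 'table', 'target',
        /* Session ID */
        'phpMyAdmin',
        /* Cookie preferences */
        'pma_lang', 'pma_charset', 'pma_collation_connection',
        /* Possible login form */
        'pma_servername', 'pma_username', 'pma_password',
        /* rajk - for playing blobstreamable media */
        'media_type', 'custom_type', 'bs_reference',
        /* rajk - for changing BLOB repository file MIME type */
        'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type'
    );

    /**
     * Require cleanup functions
     */
    require_once './libraries/cleanup.lib.php';

    /**
     * Do actual cleanup
     */
    PMA_remove_request_vars($allow_list);
}

/**
 * @global string $GLOBALS['convcharset']
 * @see select_lang.lib.php
 */
if (isset($_REQUEST['convcharset'])) {
    $GLOBALS['convcharset'] = strip_tags($_REQUEST['convcharset']);
}

/**
 * current selected database
 *
 * NOTE(review): the value is copied from the request unchanged and 'db' is
 * on the allow list above, so it is also accepted without a valid token;
 * it has to be escaped for the output context (HTML, SQL identifier, URL)
 * wherever it is used.
 *
 * @global string $GLOBALS['db']
 */
$GLOBALS['db'] = '';
if (PMA_isValid($_REQUEST['db'])) {
    // can we strip tags from this?
    // only \ and / is not allowed in db names for MySQL
    $GLOBALS['db'] = $_REQUEST['db'];
    $GLOBALS['url_params']['db'] = $GLOBALS['db'];
}

/**
 * current selected table
 *
 * NOTE(review): same handling as 'db' above - copied unchanged, allowed
 * without a valid token, and to be escaped at the point of use.
 *
 * @global string $GLOBALS['table']
 */
$GLOBALS['table'] = '';
if (PMA_isValid($_REQUEST['table'])) {
    // can we strip tags from this?
    // only \ and / is not allowed in table names for MySQL
    $GLOBALS['table'] = $_REQUEST['table'];
    $GLOBALS['url_params']['table'] = $GLOBALS['table'];
}

/**
 * SQL query to be executed
 *
 * 'sql_query' is not on the allow list above, so it is only still present
 * here when the token check did not trigger the request cleanup.
 *
 * @global string $GLOBALS['sql_query']
 */
$GLOBALS['sql_query'] = '';
if (PMA_isValid($_REQUEST['sql_query'])) {
    $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}

/**
 * avoid problems in phpmyadmin.css.php in some cases
 * @global string $js_frame
 */
$_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');

//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
//$_REQUEST['server']; // checked later in this file
//$_REQUEST['lang'];   // checked by LABEL_loading_language_file

/**
 * holds name of JavaScript files to be included in HTML header
 * @global array $js_include
 *
 * NOTE(review): the listing is cut off at this point; the statement this
 * docblock belongs to is not shown.
 */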